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[57] ABSTRACT 

A method and apparatus for authenticating subscriber units 
(30) and users (25) in a communications system includes a 
communications node (200) which receives biometric infor- 
mation describing a user (25), and measures an RF signature 
of the subscriber unit (30). The biometric information and 
RF signature are compared against a valid user profile to 
determine authenticity of the user (25) and the subscriber 
unit (30). The biometric information can include retinal scan 
data, fingerprint data, or other data. The RF signature can 
include spectral content, phase or frequency characteristics, 
or other identifying features. 

14 Claims, 5 Drawing Sheets 
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USER AUTHENTICATION IN A 20, home gateway(HGW) 50, visiting gateway(VGW) 40, 

COMMUNICATION SYSTEM UTILIZING base station 35, and public switched telephone network 

BIOMETRIC INFORMATION (PSTN) 60. Also shown in communications system 10 are 

communications links 65, 70, 75, 80, 85, and 90, and user 25 

FIELD OF THE INVENTION 5 with subscriber unit 30. 

| This invention relates in general to the detection of Satellites 15 and 20 are preferably low earth orbit (LEO) 

I fraudulent use of communications systems and, in particular, satellites, but this is not a limitation of the present invention, 

f to fraudulent access by mobile users. In a preferred embodiment, satellites 15 and 20 are part of 

' a larger constellation of LEO satellites. In addition, the 

BACKGROUND OF THE INVENTION 10 functionality of satellites 15 and 20 can be combined into a 

single satellite while still practicing the present invention. 

Fraudulent access of cellular telephone systems is costly. For examp l e , communications system 10 could include one 

Service providers lose money every year due to pirates or more geostationary orbit (GSO) satellites that provide the 

accessing systems with stolen phones, and due to pirates functionality of satellites 15 and 20. 

usmg fraudulent equipment made to operate like legitimate is HGW 50, VGW 40, and base station 35 communicate 

^ with satellite 20 via communication links 90, 85, and 80, 

Current techniques used in the art to detect fraudulent use respec tively, as shown in FIG. 1. The satellites, in turn, 

include evaluating call patterns, called numbers, locations communicate with mobile user 25 via communication link 

from which calls are placed, etc., and making comparisons 70 communication links in the exemplary embodiment 

against a user's historical activity. When anomalous behav- of FIG j show the gateways commun j C ating with a single 



ior is recorded, fraudulent use is suspected. This allows 
service providers to detect fraudulent use only as a result of 
a change in a user's calling behavior, and while useful, is not 
very robust. If stolen phones stay in the area of their normal 



satellite and a single satellite communicating with a single 
mobile user. In a preferred embodiment, base station 35, 
HGW 50, and VGW 40 each communicate with multiple 
satellites, possibly simultaneously, and each satellite com-' 



BRIEF DESCRIPTION OF THE DRAWINGS 



use, their pirated use may not be detected. Likewise, if 25 mun i cate s with multiple mobile users. FIG. 1 shows that for 
fraudulent equipment that mimics a particular phone is used mobile ^ 25 t0 communicate with HGW 50, the commu- 
in the area normally occupied by the legitimate user, the nic ation link includes two satellites. In another valid con- 
pirated use may not be detected. figuration of the network, the link between mobile user 25 
It would be desirable to robustly detect both types of and HGW 70 includes three or more satellites, and in still 
pirated use outlined above. That is, it would be useful to 30 another valid configuration, only one satellite is needed, 
detect either a pirate with a stolen phone, or the use of Multiple valid configurations also exist in the fink between 
fraudulent equipment. What is needed is a method and mobile user 25 and base station 35, and between mobile user 
apparatus for authenticating a particular cellular telephone, 25 and VGW 40. 

and verifying that it is being used by a valid user for that 0oc of many factions performed by base station 35, 

telephone. 3 HGW 50, and VGW 40 is to network the communications 

system with PSTN 60. When a call is placed through a 

satellite by mobile user 25, the call is routed through the 

FIG. 1 shows a diagram of a communications system in satellites to a gateway, and if the call is destined for a user 

accordance with a preferred embodiment of the present ^ in PSTN 60, the gateway routes the call to PSTN 60. If, on 

invention; the other hand, the call is destined for another user within 

FIG. 2 shows a diagram of a node in a communications communications system 10, the call may never be routed to 

system in accordance with a preferred embodiment of the PSTN 60 Base station 35, HGW 50, and VGW 40 can 

present invention; communicate using terrestrial links or using satellite com- 

™~ - , .. - . . , Ar munication links such as the path created by links 80, 85, 

FIG. 3 shows a diagram of a subscriber unit tn accordance 45 ^ ^ r J 

with a preferred embodiment of the present invention; " 

„_ . , . , . , Subscriber unit 30 is typically a cellular telephone, but 

FIG. 4 shows a diagram of a test set in accordance with ^ fa Qot a Um ^ iion of te t mveritior , Subscriber 

a preferred embodiment of the present invention; ^ 3Q can also ^ a data device , such ^ a modem? or any 

FIG. 5 shows a flowchart of a method of authenticating a 5q other devicc capa bl e of transmitting into communications 

user and a subscriber unit in a communications system in system 10. Subscriber unit 30 can also be for use exclusively 

accordance with a preferred embodiment of the present terrestrial systems or satellite systems; however, in a 

invention; preferred embodiment, subscriber unit 30 is a dual-use 

FIG. 6 shows a flowchart of a method of operating a phone that operates with both terrestrial and satellite sys- 

subscriber unit in a communications system in accordance 55 tems. The modulation format used by subscriber unit 30 is 

with a preferred embodiment of the present invention; and not a limitation of the present invention. 

FIG. 7 shows a flowchart of a method of operating a test HGW 50 includes home location register (HLR) 55. HLR 

set in a communications system in accordance with a 55 includes user profile information, and maintains billing 

preferred embodiment of the present invention. information for user 25. Home location registers are well 

60 known in the art of global system for mobile telecommu- 

DETAILED DESCRIPTION OF THE DRAWINGS nications (GSM). VGW 40 includes visiting location register 

/ Turning now to the drawings in which like reference (VLR) 45. VLR 45 maintains user information while user 25 

/characters indicate corresponding elements throughout the is roaming in the service area of VGW 40. When a node in 

s/veral views, attention is first directed to FIG. 1. FIG. 1 communications system 10 retrieves user information, it can 

yshows a diagram of a communications system in accordance 65 come from HLR 55 or VLR 45. 

f with a preferred embodiment of the present invention. User 25 can access communications system 10 using 

Communications system 10 includes satellite 15, satellite either base station 35 or one of satellites 15 and 20. For the 
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purposes of authenticating user 25 and subscriber unit 30, and apparatus of the present invention utilizes this unique 

the processing within either base station 35 or one of the signature to distinguish legitimate subscriber units from 

satellites is substantially the same. Base station 35 is typi- fraudulent subscriber units in communications system 10. 

cally a cellular or personal communications system (PCS) The technique of identifying transmitters using RF signa- 

transceiver, but can be any other data communications node. 5 ^ not ncw j n the art, and has been previously used in 

The processing will be described with reference to a satel- military and intelligence applications. An example of an 

lite. When user 25 requests access to communications sys- apparatus for characterizing a radio transmitter can be found 

tem 10, subscriber unit 30 transmits to satellite 15 using ^ ij s Pat No . 5,005,210 issued Apr. 2, 1991, the contents 

communications link 70. Subscriber unit 30 is preferably a 0 f wn j cn are hereby incorporated by reference. 

radio frequency (RF) transmitter. As will be described in in r» *♦ a m * • j • n nc * 

j . -i i_ i i TiV* * t_ • IU Despite good engineering design practices, all RF trans- 
more detail below, RF transmitters nave unique signatures ... •« * , • , • , 4 f 
A . < , . r -j *n i jj-.- . -j r\-£ mitters will transmit undesired signal components at fre- 
that can be used for identification. In addition to ldentinca- . . 4 c • . A .... tt_ 

- . . *y g\ *i * j * i_ i a. lU . quencies within, and out of, a given bandwidth. These 

tion of subscriber unit 30, it is desirable to authenticate user t , t . . . . • *_ r i • 

™ . , . . ' . - A .... unwanted components originate in a variety of places in the 

25. To that end, subscriber unit 30 measures biome trie data . f . n . ..^ 

r j _ * , „. 4 1f « n . 4 . „ transmission chain, tor example, amplifier non-lineanties, 

from user 25 and transmits it to satellite 15. Biometric as 1? , t . . , r , . 

, c . c , • i t o ti * vr c 15 particularly in the output power amplifiers, produce harmon- 

defined, for example, m U.S. Pat. No. 5,469,506 means a : , . ; , , j. . 4 - ,iwtv» o * i j ■ 

• * * n . i_t J • t f. . • . • * L 1CS intermodulation distortion (IMD). Crystals used in 
substantially statue physical characteristic or a person wtned osciUators 

in the RF unit also produce unique, non-zero 

can be automatically measured and characterized for com- sub . harnjonics . Mixers C0 F mp0Und the production of 

P 4 ™* 00 " , , . . . , . ... , undesired mixing and spurious responses. Since each trans- 

The use of biometnc information for authentication of 20 miUer a unique combination of elements which produce a 

users has many advantages. A biometnc "ID" can never be uni a^^^ of mcsc undesired sp Urs , harmonics, 

lost or stolen because the biometnc information is a physical and mDs> this informa ti on can be measured and used to 

attribute of the holder. Additionally, with advances in identif ^ authenticate the particular RF transmitter, 

technology, biometrics are quickly becoming the most reu- , , , 

able method of user authentication known. 25 *e«iiible RF charactenst.es unique .0 each transmitter 

. . , £1 r j go beyond the aforementioned spurious spectral content. 

HLR 55 includes a valid user profile for user 25 and f, . . , . . 4 , V , , 

J , tl i j H " ; , j / Examples include, but are not hmited to, turn on transmit- 

subsenber unit 30. The valid user profile includes a data- j c t. j i 

u ^ V ium 6 iuviuuw a uow ^ utude frequency or phase modulation versus time, 

gram representing the RF signature of subscriber unit 30, a. *• u' *. * j * c j * u J 

j u* * • • * *• r ^ c j t. the time between turn on and onset of data, phase and 

and biometnc information for user 25 as measured by f j , .. , *i_ * j i I . , 

• « . - A A - . . , . „ . . - . J frequency modulation during that delay, the initial 
subscriber unit 30. After receiving biometnc information 30 i-*. j u j c j i l j * 
r » 4 «. 4 ^» .i. tit- • r amplitude, phase and frequency modulation when data 
from user 25, satellite 15 measures the RF signature of 1* *■ * * i «• 

. • « ii- -i* l j , . transmission starts, transmission bit tunes, total tunes, tim- 

subscriber umt 30. Satelhte 15 then sends a message through - Ut . j r n * • * • <r *• ^ 

. iv* nn. upii;«a * • * *u 1-j ai ^ J ltter » rise and timing, earner turn off tune, modu- 

satelhte 20 to HGW 50 retnevme the vahd user profile from , J , . t . j j- . *• j i i. .. 14 ... 

IIin „, f „ ... & r lation deviation and distortion, modulation phase, bit to bit 

HLR 55 (or from VLR 45). , , 4 . . 4 . , !, , t . 

v 7 modulation vanations, demodulation spectrum, spunous 

In a preferred embodiment, satellite 15 authenticates both 35 transmitter data? etc Some or aU of these various charac . 

user 25 and subsenber unit 30 by comparing biometnc can be ^ 5 commuQ i catioQS system 10 for 

information and the RF signature of subsenber unit 30 to the authentication of subscriber unit 30. 
valid user profile obtained from HLR 55. Because both 

biometric information and RF signatures are subject r to User Authentication 

statistical variations, a perfect match is seldom made. 40 

Accordingly, satellite 15 determines a degree to which user method and apparatus of the present invention uses 

25 and subscriber unit 30 match a valid user profile, result- biometric information describing user 25 to authenticate 

ing in a probability that the request for access is authentic. access - Biometric information used to authenticate access 

Tlie valid user profile also includes a threshold value, which can of retinal e y e data > iris e ? e data > 

the probability is compared against, to determine authentic- 45 fiogerpnnt data, voice print data, palm pressure print data, 

ity. The methods utilized may be any one of several, facial thermography, or any other data that represents a 

including contour distance measure, which is an average uaic l ue feature of an "^dividual user, 

summation of differences of each of the parameters; a least Biometric information used to authenticate access can 

mean square (IMS) error, weighted Gaussian density dis- include retinal eye scan data, which is a mapping of the 

tribution matching; and any other weighted or non-weighted 50 retinal blood vessels of the human eye. Research suggests 

statistical measurement DO two human eyes share the same pattern of blood 

Multiple mobile users 25 can be valid users of subscriber vessels. A retinal eye scan is typically performed by shining 

unit 30. HLR 55 includes valid user profiles for all valid an infrared light through the pupil to the back of the eye. The 

registered users of subscriber unit 30 as measured by sub- results arc ^0"^ for comparison with known valid data 

scriber unit 30 for each user. Satellite 15, when authenticat- 55 previously collected from the authentic user. Because retinal 

ing access, compares the biometric information and RF eye scan data is unique to each user, this leads to very robust 

signature against all valid user profiles included in HLR 55. authentication methods. 

User 25 can also access communications system 10 Th e use of a retinal eye scanner is advantageous because 

through base station 35. When a call request is made by user a retinal eyescan of user 25 provides a highly reliable 

25 through base station 35, base station 35 receives the 60 authentication through the use of unique characteristic of 

biometric information and the RF signature of subscriber each user 2S - retinal eyescan data is used, subscriber 

unit 30. Base station 35 receives a valid user profile from unit 30 includes a retinal eyescanner. When placing a call, 

HLR 55 through either communications link 80 or PSTN 60. ^ 25 P laces subscriber unit 30 such that a retinal eyescan 

is performed, and the retinal eyescan data is transmitted to 

Subscriber Unit Authentication 6S salelUte 15 Biometr ic information can also include voice 

RF transmitters have a unique spectral signature which print data, such as vocoder coefficients generated by sub- 
can be used to distinguish one unit from another. The method scriber unit 30 when user 25 speaks a standard phrase into 
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subscriber unit 30. Of course, other voice print data such as register interface 285 is also typically a transceiver. In a 

a digitized sample could also be used. preferred embodiment, the transceiver used for subscriber 

Biometric information can also include other user specific unil interface 220 is the same transceiver used for home 

information such as fingerprint data, retinal eyescan data, or | oc , ation "If*" 28S : In <we, liak ? 90 » f RF 

palm pressure print data. When fingerprint data is used, 5 hnk to a gateway that can retneve ^formation from a home 

subscriber unit 30 includes a fingerprint sensor that mea- ! oc , at, ° n . re » s ! er - an a , U f. raat t ^boduitent, node 200 k 

c -.r -»cu 11-ijtu included within a base station. In this case, subscriber unit 

sures a fingerprint of user 25 when a call is placed. Hie ^ fe ^ a transceivef) bome IocatioQ 

fingerprint sensor of subscriber unit 30 is preferably into- fcter imerface 2g ^ icall a mterf and ^ 

grated into the surface of a key on the keypad of subscriber 29fJ fe paft of a ^relme network capable of 

unit 30. For example, the star key or the pound key, when 10 communicating with a gateway. For example, link 290 can 

pressed, can measure the fingerprint of user 25. fc e p ar t 0 f PSTN 60 (FIG. 1). 

FIG. 2 shows a diagram of a node in a communications Id an alternate embodiment, processing resources on a 

system in accordance with a preferred embodiment of the satellite are reduced by off-loading some of the above stated 

present invention. Node 200 is preferably included in base functionality to a base station. For example, a satellite can 

station 35 (FIG. 1) or in one of satellites 15 and 20 (FIG. 1); 15 measure the RF signature of a subscriber unit, but not make 

however, node 200 can-exist elsewhere within communica- the comparison with the user profile retrieved from a home 

tions system 10. Node 200 includes subscriber unit interface location register. In this embodiment, processor 240 

220, signal characteristic analyzer 230, processor 240, and retrieves the RF signature from signal characteristic analyzer 

home location register interface 285. Subscriber unit inter- 230, retrieves the biometric information from subscriber unit 

face 220 is typically a transceiver capable of communicating 20 interface 220, and sends them both to a ground station via 

with a subscriber unit through an antenna 210. When node home location register interface 285. Typically, this infor- 

200 is included within a satellite, antenna 210 is an antenna mation will be received by a gateway or a base station where 

pointed at the ground for communication with a subscriber the comparison with a valid user profile takes place. This 

unit via communications link 280. When node 200 is embodiment is advantageous in communications systems 

included within a base station, antenna 210 is typically an 25 employing "bent pipes" in the satellites. Systems employing 

antenna on a tower capable of communicating with a sub- bent pipes typically do not include excess processing power 

scriber unit via communications link 280. in the satellites, so off-loading tasks is advantageous. 

Signal characteristic analyzer 230 is coupled to subscriber In another alternate embodiment, processor resources on 

unit interface 220 via signal 250. Signal 250 can be identical 3Q a satellite are advantageously reduced by off-loading func- 

to the signal received by subscriber unit interface 220; tionality other than that previously stated. For example, a 

however, signal 250 can also have undergone amplification, base station can include signal characteristic analyzer 230 so 

frequency translation, or other suitable modifications. Signal that when a subscriber unit is communicating with the base 

characteristic analyzer 230 measures the RF signature of the station, the base station measures the RF signature of the 

subscriber unit communicating with node 200. When the RF 35 subscriber unit. The comparison can then be performed at 

signature includes spurious spectral content as described the base station or at a satellite. One skilled in the art will 

above, signal characteristic analyzer 230 includes a spec- appreciate that the different functions can be distributed in 

\ trum analyzer. Signal characteristic analyzer 230 can also the system in a multitude of advantageous ways. 

include other measurement devices capable of measuring FIG. 3 shows a diagram of a subscriber unit in accordance 

other aspects of the RP signature. For example, signal ^ with a preferred embodiment of the present invention, 

characteristic analyzer 230 typically includes instantaneous Subscriber unit 30 includes transceiver 310, processor 320, 

frequency modulation (IFM) measurement hardware, phase memory 380, vocoder 330, speaker 340, microphone 350, 

measurement hardware, and timing measurement hardware. keypad 370, fingerprint sensor 375, retinal scanner 360, and 

Signal characteristic analyzer 230 produces a datagram on user notifier 365. Processor 320 is coupled to memory 380 

/signal 260 which represents the RF signature of a subscriber 4S via control bus 325. Processor 320 is also coupled to keypad 

communicating with node 200. 370, fingerprint sensor 375, retinal scanner 360, vocoder 

Processor 240 receives the RF signature datagram on 330, and user notifier 365 via control bus 325. 

signal 260, and receives other data from subscriber unit A user operating subscriber unit 30 operates keypad 370 

interface 220 on signal 270. Signal 270 is preferably many when making a call. In a preferred embodiment, fingerprint 

signals, representative of a processor's control bus. This can 50 sensor 375 is integral with keypad 370. For example, 

include, for example, address lines, data lines, and control fingerprint sensor 375 is preferably part of a key, such as the 

fines. Processor 240 also receives information from home star key or the pound key, so that a fingerprint may be 

location register interface 285. measured while the user operates keypad 370. The resulting 

Home location register interface 285 communicates with fingerprint data is formatted by processor 320 to be trans- 

a home location register via link 290. Processor 240 receives 55 mitted by transceiver 310 as biometric information describ- 

user profiles from a home location register via home location ing the user. 

register interface 285 and signal 270. Processor 240 com- Retinal scanner 360, like fingerprint sensor 375, is also a 

pares the RF signature received on signal 260, and the user's biometric measuring device that measures a biometric which 

biometric information received from subscriber unit inter- describes the user. Retinal scanner 3 60 scans the retina of the 

face 220 on signal 270, with a valid user profile retrieved $q user and sends the retinal scan data to processor 320 to be 

from a home location register. When a match is made, formatted for transmission by transceiver 310. User notifier 

processor 240 allows the subscriber unit and the user to 365 is preferably a part of retinal scanner 360 and notifies 

communicate in communications system 10 (FIG. 1). On the the user when the retinal scan is complete. User notifier 365 

other hand, when processor 240 finds no match, access to also provides feedback to the user during the retinal scan so 

communications system 10 (FIG. 1) is denied. 65 that the retinal scan is performed correctly. 

When node 200 is included in a satellite, subscriber unit Microphone 350 receives speech from the user, and 

interface 220 is typically a transceiver, and home location vocoder 330 generates coefficients to be formatted by pro- 
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cessor 320 and transmitted by transceiver 310. Vocoder 330 HLR interface 435. HLR interface 435 stores the valid user 

is also coupled to speaker 340 so that the user can receive profile in the HLR for retrieval later when user 25 and 

audible information received by transceiver 310. Subscriber subscriber unit 30 need to be authenticated, 

unit 30, as shown in FIG. 3, includes three of the many FIG. 4 shows a single user 25 with a single subscriber unit 

different possible biometric sensors: fingerprint sensor 375, 5 30 being registered. In a preferred embodiment, multiple 

retinal scanner 360, and vocoder 330. The number of bio- 25 can be registered for use with a single subscriber 

metric sensors is not a limitation of the present invention. unit 30 allows a number of people to be registered for 

For example, fingerprint sensor 375 can be included, where of a singfc subscriber unit. When multiple users 25 are 

retinal scanner 360 is not. Likewise, subscriber unit 30 may registered for use of subscriber unit 30, test set 400 runs the 

mcluderetinalscaiiner360andnotfingerprmtsensor375.In 10 test at least once for each user 25. , 

an alternate embodiment, subscriber unit 30 includes neither FIG - S ? ho ™ a flow chart of a method of authenticating 

fingerprint sensor 375 nor retinal scanner 360, but instead a ^ a subscriber unit m a communications system in 

includes a palm pressure print sensor or a facial thermog- accordance wit h a Preferred einboaoment of the present 

rapher. One skilled in the art will appreciate that still other invention. Method 500 begins with step 510 when biometnc 

t™„c n e k - _ f ■ I .„™ < . m ,„ ul • u.j^j nr u:u c-t;ii , c information is obtained describing a user. The biometnc 

types or biometnc sensors may be included while still 15 . . _ „_ t & _ . ^ . _ 

1Mnf • mformation of step 510 can be nngerpnnt information, 

practicing the present invention. . , . c r . • • * ' 

... . . . , retinal eyescan information, voicepnnt mformation, or any j 

Processor 320 receives biometnc information from other Qther information describing the user. In step 520, a signal f 

subsystems included within subscnber unit 30, and formats characteristic of a subscriber unit is measured to obtain an *< 

them for transmission by transceiver 310. Transceiver 310 RF si ^ nature , ^ RF si ture obtaiae d in step 520 

receives the formatted biometnc mformation from processor 20 idefltifies> tQ ^ ^ ej£tenl ^ ^ subscri5er unit 

320 and prepares it for transmission at RF frequencies. The being used by the user 

functions of transceiver 310 can include but are not limited fa a fc evaluated ^ ^ biometlic 

to, modulation, frequency conversion, and amplification _As Motmilioa ^ the Rp sj tore match a tored user 

t a in e tbabk fhtrrte^U« " « ? rofile " ^ P re - St0red ^ P rofile o£ ste P 530 Preferably 

1 ™ * includes a threshold, above which the probability will sig- 

Subscriber unit 30 has many advantages. By measuring nify a match ^ and below which the probability will indicate 

biometric information describing the current user, subscriber a noa _ ma t Cfl . i n step 540, the probabiHty is compared 

unit 30 provides communications system 10 (FIG. 1) with against the threshold. If the probability is above the 

the ability to robustly authenticate the user. In addition, threshold, processing proceeds with step 560 where access 

subscriber unit 30 transmits an RF signature to communi- ^ granted. 0o the other hand, if the probability is below the 

cations system 10 (FIG. 1) which allows the system to threshold, processing proceeds with step 550 where access 

authenticate subscriber unit 30. After subscriber unit 30 ^ den i e d. After either step 550 or 560, the authentication 

transmits biometric information describing the user, and an process is complete and method 500 ends. 

RF signature describing the subscriber unit, communication ^ of method 5Q0 ^ . describe d, can be per- 

system 10 (FIG. 1) transmits mformation back to subscnber formed m a sin ^ e Qode of a communicatkms systerri} or can 

unit 30 granting access. If, however, a pirate is using b e performed in a distributed fashion among multiple nodes 

subscriber unit 30 the biometnc information measured by of a communications system . For example, a portion of 

subscnber unit 30 will not match the valid biometnc meulo d 500 can be performed in a sateUite, such as steps 510 

mformation and communications system 10 (HG 1) wiU and ^ ^ ^ remainin st performed in a gatewa v. 

transmit information back to subscriber unit 30 denying Ifl anothef example cmbodimcotj all 0 f the steps in method 

access. *jqq m p er f orrned i n a base station, such as base station 35 

FIG. 4 shows a diagram of a test set in accordance with i n communications system 10 (FIG. 1). 

a preferred embodiment of the present invention. Test set FIG. 6 shows a flowchart of a method of operating a 

400 is used to generate the valid user profiles which are 4S subs criber unit in a communications system in accordance 

stored in the home location register. When a new user ^ a pre f erred embodiment of the present invention, 

registers with communications system 10 (FIG. 1), his Method 600 begins with step 610 when biometric informa- 

biometric information is measured along with the RF sig- tion ^ measured which describes a user. After the biometric 

nature of his subscriber unit, and the result is stored in the information is measured in step 610, the biometric informa- 

home location register. SQ ^ on ^ formatted and sent to a communications system for 

Test set 400 includes receiver 420, signal characteristic authentication in step 620. In step 630, a signal with a unique 
analyzer 425, processor 430, and HLR interface 435. The RF signature is sent to the communications system for 
functional blocks described with reference to test set 400 authentication. The signal with a unique RF signature of step 
operate analogously to the corresponding functional blocks 630 can be the signal which includes the biometric infor- 
of node 200 (FIG. 2), with the exception that rather than 5S mation of step 620, or can be a separate signal. Then, in step 
authenticating access, test set 400 generates the known valid 640, an acknowledgment signal is received from the corn- 
user profile. munications system. After receiving the acknowledgment 

In operation, user 25 operates subscriber unit 30, and the signal in step 640, processing proceeds with step 650. If, in 
resulting signal 410 includes the measured biometric infor- step 650, access has been granted because the biometric 
mation and the RF signature of subscriber unit 30. Receiver 60 mformation and the RF signature matched a pre -stored user 
420 receives signal 410 and routes it to signal characteristic profile, then processing proceeds with step 670 where com- 
analyzer 425. Signal characteristic analyzer 425 measures munications are commenced. Otherwise, processing pro- 
the RF signature of signal 410 and provides a datagram ceeds with step 660 where communications are not corn- 
describing the RF signature to processor 430. Likewise, menced. At the completion of either step 660 or step 670, 
receiver 420 provides the biometric information to processor 65 method 600 is complete, and processing ends. 
430. Processor 430 formats the RF signature and the bio- FIG. 7 shows a flowchart of a method of operating a test 
metric information into a valid user profile that is sent to set in a communications system in accordance with a 
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preferred embodiment of the present invention. Method 700 
as shown in FIG. 7 is a method of generating the prestored 
user profiles previously described. When a user or a plurality 
of users are to be registered as valid users of a subscriber 
unit, method 700 is utilized in conjunction with the test set 
of FIG. 4 to generate valid user profiles to be stored in the 
home location register. 

Method 700 begins with step 710 when biometric infor- 
mation is obtained describing a user. In step 720, a signal 
characteristic of a subscriber unit is measured to obtain an 
RF signature. The signal of 720 may be the signal which 
transmitted the biometric information of step 710, but this is 
not a limitation of the present invention. For example, a 
separate signal may be transmitted from a subscriber unit for 
the purposes of measuring the RF signature. In step 730, the 
biometric information and the RF signature are formatted 
into a user profile. The user profile of step 730 includes 
information which describes a valid user in conjunction with 
a valid subscriber unit. In step 740, the user profile is sent to 
a home location register. If, in step 750, there are more users 
to be registered, then processing proceeds with step 760 
where the next user is substituted for the present user. After 
step 760, steps 710 through 740 of method of 700 are 
repeated for the next user. When there are no more users to 
be registered, processing ends after step 750. 

Although method 700 describes a preferred embodiment 
where each separate user profile is sent to a home location 
register separately in step 740, other embodiments exist 
where the user profiles are not sent to the home location 
register until all user profiles for all valid users have been 
generated. 

Method 700 is typically performed when a new subscriber 
unit is issued to a user or a number of users, or after a 
subscriber unit undergoes service which may cause the RF 
signature to change. Method 700 can also be performed 
periodically to take into account any changes occurring over 
time which affect either biometric information or RF signa- 
tures. 

In summary, the method and apparatus of the present 
invention provides an advantageous means for authenticat- 
ing subscriber units and users in a communications system. 
While we have shown and described specific embodiments 
of the present invention, further modifications and improve- 
ments will occur to those skilled in the art. For example, the 
specific embodiments described pertain mainly to telephony 
systems, but the method and apparatus of the present inven- 
tion also apply to wideband systems, paging systems, and 
other data delivery services. We desire it to be understood, 
therefore, that this invention is not limited to the particular 
forms shown and we intend in the appended claims to cover 
all modifications that do not depart from the spirit and scope 
of this invention. 

What is claimed is: 

1. A communications system comprising: 

at least one subscriber unit associated with a biometric 
sensor for measuring biometric information of a user 

a transmitter capable of transmitting a signal with a 
unique signature of said at least one subscriber unit; 

a register which has a pre-stored user profile including a 
valid signature and valid biometric information; 

a communications node which receives said biometric 
information and said signal from the at least one 
subscriber unit and receives said pre-stored user profile 
from said register, said communication node evaluating 
a probability that said biometric information and said 
unique signature substantially match said pre-stored 
user profile and providing access to said user if said 
probability is greater than a threshold and denying 
access to said user if said probability is less than a 
threshold. 
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2. A user authentication apparatus in a communications 
system, said user authentication apparatus comprising: 

a subscriber unit having: 

a biometric sensor for measuring biometric information 
of a user; 

a processor in communication with said biometric 
sensor, said processor formatting said biometric 
information and producing formatted biometric 
information; and 
a transmitter in communication with processor, said 
transmitter receiving said formatted biometric infor- 
mation and preparing said formatted biometric infor- 
mation for transmission as a signal having said 
biometric information; 
a communication node receiving said signal and a pre- 
stored user profile and said signal, said communication 
node evaluating a probability that said signal having 
said biometric information substantially matches said 
pre-stored user profile and authenticating access of said 
user if said probability is greater than a threshold and 
failing to authenticate access of said user if said prob- 
ability is less than a threshold. 

3. The user authentication apparatus of claim 2 wherein 
said biometric sensor is a fingerprint measuring device, 

4. The user authentication apparatus of claim 3, wherein 
said fingerprint measuring device is integrated into at least 
one button of a keypad. 

5. The user authentication apparatus of claim 2 wherein 
said biometric sensor is a retinal eye scanner. 

6. The user authentication apparatus of claim 2 wherein 
said biometric sensor is a vocoder. 

7. The user authentication apparatus of claim 2 wherein 
said signal includes a unique RF signature. 

8. The user authentication apparatus of claim 2 further 
comprising a receiver for receiving an authentication mes- 
sage generated in response to said communication node 
evaluating a probabibty that said signal having said biomet- 
ric information substantially matches said pre-stored user 
profile. 

9. The user authentication apparatus of claim 2 wherein 
said biometric sensor is a facial thermographer. 

10. A method of authenticating access for a user of a 
subscriber unit in a communications system, said method 
comprising the steps of: 

obtaining biometric information of said user; 
measuring a signal characteristic of said subscriber unit to 

obtain a signature; 
comparing said biometric information and said signature 

against a pre-stored user profile; 
evaluating a probability that said biometric information 

and said signature substantially match said pre-stored 

user profile; 

providing access to said communications system if said 

probability is above a threshold; and 
denying access to said communications system if said 

probability is below said threshold. 

11. The method of claim 10 wherein said biometric 
information includes voice print data. 

12. The method of claim 11 wherein said voice print data 
includes vocoder coefficients. 

13. The method of claim 10 wherein said biometric 
information includes fingerprint data. 

14. The method of claim 10 wherein said biometric 
information includes retinal eye scan data. 
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